CVE-2024-51092: librenms vulnerability

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().
CVE-2024-51092CVSS 9.1Web

CVE-2024-51092: librenms vulnerability

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().

CVSS
9.1 CRITICAL
EPSS
93.33%
Known exploited
not in KEV
Product
librenms

What is known

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().

Sources